RBI plans to extend cyber audit to all banks

The Reserve Bank of India is planning to conduct a cyber-audit of all banks in the country instead of just a few bigger banks as it did in the past, a policy shift that comes in the wake of an increase in cyber-attacks.

The banks which do not have security measures in place as per the RBI standards will be given time to comply, failing which the regulator may initiate action, officials said.

"We had created a cyber-cell under the department of banking supervision and conducted a separate IT audit of three banks," an RBI official told ET. "Last year, we increased it to 30 banks and this year we are covering each bank for separate cyber-security and IT audit."

RBI is also expected to do a gap analysis on the basis of the reports and ask banks to bridge the gaps. Since last year, the RBI has been carrying out IT examination of banks separately from the regular financial examination of banks.Earlier, it used to conduct random cyber audits on banks and issue reports to them for remedial action.

In 2015-16, as per the RBI data, nearly 16,468 cases related to cyber fraud were reported, including debit card, credit card and net banking breaches. The number was higher than 13,083 in the previous year, and 9,500 in the year before that.

As per the Indian Computer Emergency Response Team (CERT-In) India witnessed more than 27,000 cyber-security threat incidents in the first half of 2017. Threats reported include phishing attacks, website intrusions and defacements or damages to data as well as ransomware at tacks. In 2016, nearly 50,362 incidents related to cyber-security were reported while the number was 49,455 in 2015 and 44,679 in 2014.

"The cyber-security frame work requires banks to re port any breach within two-three hours even if there is a suspicious breach," the official cited above said. "At national level there is CERT-in and now there will also be a Fin-CERT, which will deal with financial sector breaches, and the initial pilot of Fin-CERT will happen from RBI."